Currently, if you start X without -ac and without -auth, the default connection policy is to allow connections from localhost. In particular, this means on every IPv[46] address, and any local transports including unix sockets.
I'd like to see a mode where the default policy is effectively +si:localuser:`id -un`, which would allow connections only from the uid that started the server. This is effectively the policy everyone's trying to implement with xauth cookies, but cookies have to get stored on disk somewhere which sucks for NFS and r/o images, etc. For the gdm case, the display manager would add the real user to the access list once they've been authed, and then remove itself and start the session as the user.
Normally I'd just change the default here, but I think this might be a significant enough difference in behaviour that you should have to ask for it.
So. New -localuser option? Change the default? Bad idea, give up, take up farming?
- ajax
_______________________________________________ xorg-devel mailing list [email protected] http://lists.x.org/mailman/listinfo/xorg-devel
